I am trying to send Unix time to a saved search, and I'm expecting Splunk to return the events for the Unix time earliest and latest. Below is the code I'm using.
But Splunk runs the query for All Time.
How can I send a Unix time as the value for the earliest and latest parameters?

import com.splunk.Job;
import com.splunk.SavedSearch;
import com.splunk.SavedSearchDispatchArgs;
import com.splunk.ServiceArgs;

// service, log, appName and searchName are defined elsewhere.
// Look up the saved search in the app's namespace.
ServiceArgs namespace = new ServiceArgs();
namespace.setApp(appName);
SavedSearch savedSearch = service.getSavedSearches(namespace).get(searchName);
log.debug("Run the '" + savedSearch.getName() + "' search ("
        + savedSearch.getSearch() + ")\n");
Job jobSavedSearch = null;
SavedSearchDispatchArgs dispatchArgs = new SavedSearchDispatchArgs();
// These attributes have setter methods
// Time window passed as Unix epoch seconds
dispatchArgs.setDispatchEarliestTime("1405616400");
dispatchArgs.setDispatchLatestTime("1405620000");
// Run the saved search
try {
    jobSavedSearch = savedSearch.dispatch(dispatchArgs);
} catch (InterruptedException e1) {
    log.fatal("Splunk search job interrupted", e1);
}